Wrong naming of password hash fns (ITS#2093)

Full_Name: Rick van Rein
Version: all
OS: FreeBSD
URL:
Submission from: (NULL) (130.89.15.246)
Hello folks,
This is a matter of using the wrong name for a hash algorithm. SHA should be
SHA1 in slappasswd.
The sha algorithm was a predecessor to sha1, and it is a different algorithm
(AFAIK, sha1 solved a security issue in sha).
Try
echo -n tralala | openssl sha -binary | mimencode
echo -n tralala | openssl sha1 -binary | mimencode
to see the difference in outcome, respectively:
Ec+su2hndQhOFygzY00gPCUnwBE=
uzH7/4+skcF+5gUtmAhObmMYSFk=
Now try encrypting with slappassword,
slappasswd -s tralala -h '{SHA}'
and see that the result is
{SHA}uzH7/4+skcF+5gUtmAhObmMYSFk=
this is the SHA1 hash, but it's been named SHA. That's wrong and confusing.
Also, I was not particularly pleased by the reference from slappasswd's man page
to
an RFC. The general idea of a man page (as I see it) is that it is
self-contained.
Would you like me to rewrite the page (with the change from SHA to SHA1
included)?
Cheers,
Rick van Rein.